Replication server selection method

ABSTRACT

A method for a client computer to find a network address of a server computer by searching for the network address using a backup search procedure if the address of the server computer cannot be identified using a primary search procedure. The primary and backup search procedures can be performed in parallel, and multiple backup search procedures can be performed to identify the address of the server computer. Alternatively, the primary and backup search procedures can be performed in serial, wherein the backup search procedure is performed only when the primary search procedure does not identify the address of the server computer.

FIELD OF THE INVENTION

The present invention generally relates to computer networks and more particularly to a method of identifying replicated computers on the network.

BACKGROUND OF THE INVENTION

In a network computing environment, computers can be replicated in order to provide redundant sources of information. Specifically, the information on one computer can be copied onto one or more other computers in order to provide redundancy. For example, password server computers can be replicated in order to ensure that a password server computer is always available for use by a client computer. Each of the computers on the network communicates with the others through the use of a defined protocol.

Computers can be added and removed from the network as needed. Therefore, each computer needs to have information about the other current computers on the network in order to communicate. Typically, a computer will have an address list of all available computers. The list needs to be updated in order to find the other computers on the network. Each computer needs to have the address of the other computers in the network in order to contact each other.

A method for determining the network address of computers on the network requires a requesting computer to contact a network computer that maintains an updated list of network addresses. In this regard, one of the computers of the network maintains an updated list of network addresses for the other computers in the network. The requesting computer will know the address of the computer maintaining the list and contact that computer for the addresses of the other computers on the network. If the computer maintaining the list is disconnected from the network, then requesting computers cannot easily determine the addresses of the other computers on the network.

Another method of identifying computers on the network is to broadcast a message over the network seeking information about all computers on the network. When one of the computers responds, then the list of active computers on the network can be updated. However, this process can be time consuming and waste network resources.

SUMMARY OF THE INVENTION

The method of the present invention provides a layered approach to providing the addresses of network computers and provides redundant finding capabilities for improved efficiency. In accordance with the present invention there is provided a method for a client computer to find a network address of a server computer by using a backup search procedure if the address of the server computer cannot be identified using a primary search procedure. The search procedures can be performed in parallel and include searching a local storage of the client computer as the primary search procedure. If this procedure fails to identify the network address of the server computer, then a backup search procedure such as searching a configuration record of the client computer for the network address is performed. It will be recognized by those of ordinary skill in the art that different types of search procedures can be combined in different combinations as the primary and backup search procedures.

Typically, the server computer is a password server computer having a public key. The client computer uses the public key to search for the address of the server computer. Once the address of the server computer is known, the client computer attempts to establish a connection and authenticate the server. If a connection is established, then the server computer transmits an address list of all replicated servers to the client computer. The address list is stored in the local storage of the client computer and is used to contact the other server computers when needed.

In addition to the foregoing, a backup search procedure can be transmitting a broadcast message over the network to identify the address of the server computer. The public key of the server computer can be used in the broadcast message to identify the server computer. If the address is found, then the client attempts to establish a connection. However, if the address is not found using the broadcast message, then another backup procedure such as using an authentication record of the server computer can be used to find the network address. Specifically, the client computer searches the authentication record using the public key of the server computer. If the address is found from the authentication record, then the client computer attempts to establish a connection.

However, if a connection cannot be established, then another backup search procedure is for the client computer to determine if the server is running on the same CPU as the client computer. The client computer can use either a loop back address or inter process communication to determine if the same CPU is being used by the client computer and the server computer. If the same CPU is being used, then the client computer knows the network address of the server computer and attempts to establish a connection. However, if the same CPU is not being used, then the client computer does not know the address of the server computer and cannot establish a connection.

By using a primary and backup search procedure, it is more likely to identify replicated servers. The primary and backup search procedures may be performed in either a serial or parallel manner. When the search procedures are performed in parallel, then the primary and backup procedures are performed concurrently and the results from the backup procedure are used if the primary procedure does not identify the server computer. When the search procedures are performed serially, then the primary search procedure is performed and the backup search procedure is only performed when the primary search procedure does not identify the server computer. Furthermore, it is possible to perform more than one backup procedure if the primary search procedure does not identify the server computer. Multiple backup procedures can be used to identify the server computer.

BRIEF DESCRIPTION OF THE DRAWINGS

These, as well as other features of the present invention, will become more apparent upon reference to the drawings wherein:

FIG. 1 is a diagram for a computer network of replicated computers; and

FIG. 2 is a flowchart illustrating the method of the present invention.

DETAILED DESCRIPTION

Various aspects of the present invention will now be described in connection with exemplary embodiments, including certain aspects described in terms of sequences of actions that can be performed by elements of a computer system. For example, it will be recognized that in each of the embodiments, the various actions can be performed by specialized circuits, circuitry (e.g., discrete and/or integrated logic gates interconnected to perform a specialized function), program instructions executed by one or more processors, or by any combination. Thus, the various aspects can be embodied in many different forms, and all such forms are contemplated to be within the scope of what is described. The instructions of a computer program as illustrated in FIG. 2 for finding an address of a server computer can be embodied in any computer-readable medium for use by or in connection with an instruction execution system, apparatus, or device, such as a computer-based system, processor containing system, or other system that can fetch the instructions from a computer-readable medium, apparatus, or device and execute the instructions.

As used here, a “computer-readable medium” can be any means that can contain, store, communicate, propagate, or transport the program for use by or in connection with the instruction execution system, apparatus, or device. The computer-readable medium can be, for example but is not limited to, an electronic, magnetic, optical, electromagnetic, infrared, or semiconductor system, apparatus, device, or propagation medium. More specific examples (a non exhaustive list) of the computer-readable medium can include the following: an electrical connection having one or more wires, a portable computer diskette, a random access memory (RAM), a read only memory (ROM), an erasable programmable read only memory (EPROM or Flash memory), an optical fiber, or a portable compact disc read only memory (CDROM).

Referring now to the drawings wherein the showings are for purposes of illustrating preferred embodiments of the present invention only, and not for purposes of limiting the same, FIG. 1 is a diagram showing a system 10 having client computers (i.e., clients) 12 a-12 c connected to a physical network 18. Also connected to the network 18 are password server computers (i.e., password servers) 14 a-14 c. Each of the password servers 14 contains the same information such that they are replicated on the network. For example, client 12 a can contact any one of the password servers 14 a, 14 b or 14 c to verify a password. Replication is the ability of multiple independent computers (i.e. CPU, storage, network interfaces and any other components necessary for a fully independent computer device) to share data and keep that data synchronized. For this example, the data to be synchronized is the set of password data for an entire network of computers. In a replicated system, the switch over between servers 14 should be transparent to the client 12 in order to provide a seamless network transition in the event of mobility and/or password server failure.

In the system 10, when a client 12 needs to verify a password, it contacts a password server 14 for verification services. Typically, the user will type his or her username and password into a login window of the client 12. The login window verifies the existence of a user record using a configured directory of the system. If the user record exists in the directory system, the login window passes the name and password to a security framework of the system. The security framework then passes the name and password to the operating system directory services of the client 12 which retrieves the user record from the directory system and reads a data value called the “authentication authority” (i.e. authentication record) associated with the user record. The authentication authority indicates that the user's password is stored in a password server 14. The authentication authority contains three values: 1) the public key of the designated password server; 2) a 128-bit number uniquely naming a single password stored in the password server; and 3) a network address that is a likely network address of the password server. The network address may be an IPv4 address, IPv6 address or a resolvable domain name using the DNS system. After retrieving and parsing the authentication authority, the operating system of the client 12 contacts the password server 14 using the network address. Next, the operating system conducts a secure network authentication method before trusting the password server 14. The client 12 challenges the password server to a public-key/private-key verification step as is commonly known. Using the public key, the client 12 crafts a challenge that only a valid private key holder can properly answer. The password server 14 either succeeds or fails the authentication attempts such that access is either granted or denied.
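The paragraph above describes the authentication authority as three values but does not fix an encoding. The following is an added example, not code from the patent or from any directory service: it parses a constructed, semicolon-separated layout of those three fields, enforces that the password identifier really is 128 bits, accepts only the three address forms the text allows (IPv4, IPv6, or a DNS name), and derives the index under which a client would cache the replica list, keyed by the public key because every replica shares it. The field layout, the sample key bytes and the fingerprint choice are assumptions made for the example.

```python
"""Parse and validate a three-field "authentication authority" record.

Added example.  The record layout (base64 public key ; 32 hex digits ;
address) is a constructed assumption, not the format of any real system.
"""
import base64
import hashlib
import ipaddress
import re
from dataclasses import dataclass
from typing import Literal

# Hostname label rules (letters, digits, hyphen; no leading or trailing hyphen).
_LABEL = re.compile(r"^(?!-)[A-Za-z0-9-]{1,63}(?<!-)$")


@dataclass(frozen=True)
class AuthAuthority:
    public_key: bytes          # names the whole replicated password-server set
    password_id: bytes         # 128-bit identifier of one stored password
    address: str               # "likely" address: IPv4, IPv6 or DNS name
    address_kind: Literal["ipv4", "ipv6", "dns"]

    def cache_index(self) -> str:
        """Index under which local storage keeps the replica address list.
        A digest of the public key is used so the index is fixed-length."""
        return hashlib.sha256(self.public_key).hexdigest()


def classify_address(addr: str) -> Literal["ipv4", "ipv6", "dns"]:
    """Accept exactly the three address forms the record allows; reject anything else."""
    try:
        ip = ipaddress.ip_address(addr)
        return "ipv4" if ip.version == 4 else "ipv6"
    except ValueError:
        pass
    labels = addr.rstrip(".").split(".")
    if 0 < len(addr) <= 253 and all(_LABEL.match(label) for label in labels):
        return "dns"
    raise ValueError(f"address is neither IPv4, IPv6 nor a DNS name: {addr!r}")


def parse_auth_authority(record: str) -> AuthAuthority:
    """record = "<base64 public key>;<32 hex digits>;<address>"  (constructed layout)."""
    parts = record.split(";")
    if len(parts) != 3:
        raise ValueError("authentication authority must have exactly three fields")
    key_b64, pw_hex, addr = (p.strip() for p in parts)
    public_key = base64.b64decode(key_b64, validate=True)
    if not public_key:
        raise ValueError("empty public key")
    if not re.fullmatch(r"[0-9a-fA-F]{32}", pw_hex):
        raise ValueError("password id must be a 128-bit value (32 hex digits)")
    return AuthAuthority(public_key, bytes.fromhex(pw_hex), addr, classify_address(addr))


# Constructed sample records; the key bytes are arbitrary filler, not a real key.
SAMPLE_KEY_B64 = base64.b64encode(b"example-public-key-bytes").decode()
SAMPLE_RECORDS = [
    f"{SAMPLE_KEY_B64};0123456789abcdef0123456789abcdef;192.0.2.10",
    f"{SAMPLE_KEY_B64};0123456789abcdef0123456789abcdef;2001:db8::10",
    f"{SAMPLE_KEY_B64};0123456789abcdef0123456789abcdef;pwserver.example.net",
]

if __name__ == "__main__":
    for rec in SAMPLE_RECORDS:
        aa = parse_auth_authority(rec)
        print(aa.address_kind, aa.address, aa.cache_index()[:16])
```

All three sample records resolve to the same cache index even though their addresses differ, which is the property the later search steps rely on: any record naming the same public key points into the same replica list.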

The method of password authentication by the password server 14 is performed by each of the replicated password servers 14. All of the password servers 14 will have the same public key/private key and list of user passwords. Therefore, each of the password servers 14 can be named by the public key. The public key and private key are created using standard cryptography techniques as is commonly known. The public key is used to verify the authenticity of a password server 14, as well as serve as a name for the password server 14.

As stated above, after retrieving and parsing the authentication authority, the client 12 attempts to contact the designated password server 14 using the network address. However, if the password server 14 is not connected to the network, then a connection cannot be made. The operating system of the client 12 will then need to find another password server 14 for verification.

Referring to FIG. 2, a method for finding the network address of other password servers 14 connected to the network 18 is shown. Specifically, the operating system of the client 12 attempts to find the address of the other password servers 14 to verify and authenticate the password. The order of steps shown in FIG. 2 is an example of one way in which a client 12 can identify a password server 14. It will be recognized by those of ordinary skill in the art that the steps illustrated in FIG. 2 can be performed in different orders as necessary. In step 210, the operating system of the client 12 attempts to find a list of network addresses for the replicated password servers 14 in a system local storage using the password server system's public key as an index. As previously discussed, each replicated password server 14 has the same public key such that it can be used to identify all of the replicated password servers 14. The public key is used to find records that will have the network address. If the address of the password server 14 is found in the local storage of the client 12 at step 212, then the process proceeds to step 214 where the operating system of the client 12 attempts to establish a network connection with the server 14. Once the connection has been established, then the password server 14 is authenticated using the public key/private key verification in step 216. If the password server 14 is authenticated, then access to the password server 14 is granted. In step 218, a list of password server addresses for known replica password servers 14 is transmitted and stored in the local storage of the client 12. The list is used to populate the local storage cache of the client 12. As long as the local storage cache of the client 12 contains correct network addresses for the password servers 14, the process of finding the address of a password server 14 occurs in step 214.

However, if the network address of the password server 14 is not found in the local storage, the process proceeds from step 212 to step 219 where the operating system of the client 12 uses a broadcast technique to resolve the network address of the password server 14. Specifically, the operating system of the client 12 uses the broadcasting capability of the network 18 to transmit the public key of the password server 14 and await a response. In step 220, if the network address is found by broadcasting the public key, then the process proceeds to steps 214-218 to establish and authenticate a network connection as previously described.

In step 220, if the broadcast message does not resolve the network address of a password server 14, then the process proceeds to step 222 where the password server address from the authentication authority is contacted. As previously described, the authentication authority includes an address of a password server 14. In step 224, the operating system of the client 12 attempts to contact the password server 14 using the address from the authentication authority. If the attempt is successful, then the process proceeds to steps 214-218 where the connection is established and the password server 14 is authenticated.

If the attempt to contact the password server 14 in step 224 is not successful, then the process proceeds to step 226. The operating system of the client 12 determines if the password server 14 is running on the same CPU as the client 12. Specifically, the client 12 uses a TCP/IP loop back address (127.0.0.1) as the address of the password server 14. If the password server 14 is running on the same CPU as the client 12, then a connection can be established using the loop back address. In step 228, if the connection is established, then the process proceeds to steps 214-218 to authenticate the connection and retrieve the password server addresses.

However, if a connection cannot be established using the loop back address in step 228, the process proceeds to step 230 where the operating system of the client 12 attempts to find a network address of a password server 14 from the configured directory system. Specifically, the name of the record in the directory system is the public key of the password server 14 and the record contains the network address of a password server 14. In step 230, if the network address for the password server 14 is in the configuration record, the process proceeds to step 214 where the client 12 attempts to establish a network connection to the server 14. The process then proceeds through steps 216 and 218 to authenticate the network connection and populate the local storage of the client 12 with the network addresses of replica password servers 14.

However, if a connection cannot be established using the configuration record in step 232, then the process proceeds to step 234 where an inter process communication (IPC) is used to determine if the password server 14 is running on the same CPU as the client 12. The IPC mechanism can determine the processes running on the CPU. If the password server 14 is running on the same CPU as the client 12, then the IPC can determine this and the address for the password server 14 is the same as the client 12 such that a connection can be established. In step 236, the address of the client 12 is used to establish a connection if the server 14 is running on the same CPU. If a connection can be established, then the process proceeds to steps 214-218 where the password server 14 is authenticated. However, if the server 14 is not on the same CPU, then the process ends without the address of the password server being found.

In most instances, the address of the password server 14 will be found by searching the local storage of the client 12 in step 210. Even if the process proceeds to the other steps, the next time that the address for a password server 14 is needed, it will be in the local storage of the client 12 because the list of password server addresses is updated in step 218.
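The serial walk through steps 210 to 236 just described, as an added example that is not the patent's code. The network, the servers and the step-216 challenge are simulated in-process so it runs offline: a string `key_name` stands in for the public key that names the replica set, and the challenge is reduced to checking that the answering server carries that name (a real client verifies a signature over a fresh challenge here). The point the simulation makes concrete is the trust boundary: an address learned from a broadcast is only a claim, so a host that fails step 216 never gets to populate the local storage cache, and the cache is written only after authentication, which is why the second lookup is served from step 210.

```python
"""Serial FIG. 2 search (steps 210-236) over a simulated network.  Added example."""
from dataclasses import dataclass, field
from typing import Dict, List, Optional

LOOPBACK = "127.0.0.1"


@dataclass
class Replica:
    key_name: str            # the key every genuine replica shares (simulated as a label)
    replica_list: List[str]  # addresses the server sends the client at step 218


@dataclass
class SimNetwork:
    listening: Dict[str, Replica]                                   # address -> server there
    broadcast_responders: List[str] = field(default_factory=list)   # whoever answers step 219
    local_processes: List[str] = field(default_factory=list)        # key_names visible via IPC

    def connect(self, addr: str) -> Optional[Replica]:
        return self.listening.get(addr)

    def broadcast(self, key_name: str) -> Optional[str]:
        # Any host may answer a broadcast; the answer is a claim, not proof (see step 216).
        return self.broadcast_responders[0] if self.broadcast_responders else None


@dataclass
class Client:
    net: SimNetwork
    key_name: str                         # public key of the designated password server
    own_address: str
    auth_authority_addr: Optional[str]    # "likely address" from the authentication authority
    config_record: Dict[str, str]         # directory record named by the public key (step 230)
    local_storage: Dict[str, List[str]] = field(default_factory=dict)  # cache (210 / 218)
    trace: List[str] = field(default_factory=list)

    def _connect_and_authenticate(self, addr: str, step: str) -> Optional[str]:
        """Steps 214-218: connect, authenticate, and only then accept the replica list."""
        self.trace.append(step)
        srv = self.net.connect(addr)
        if srv is None:
            return None
        if srv.key_name != self.key_name:      # step 216 stand-in for the public-key challenge
            self.trace.append("216-rejected")
            return None                        # an unauthenticated host never populates the cache
        self.local_storage[self.key_name] = list(srv.replica_list)  # step 218
        return addr

    def find_server(self) -> Optional[str]:
        # 210/212: cached addresses, indexed by the public key
        for addr in self.local_storage.get(self.key_name, []):
            if found := self._connect_and_authenticate(addr, "210"):
                return found
        # 219/220: broadcast the public key and try the first responder
        if (addr := self.net.broadcast(self.key_name)) and (found := self._connect_and_authenticate(addr, "219")):
            return found
        # 222/224: the likely address carried in the authentication authority
        if self.auth_authority_addr and (found := self._connect_and_authenticate(self.auth_authority_addr, "222")):
            return found
        # 226/228: same CPU, reached over the loop back address
        if found := self._connect_and_authenticate(LOOPBACK, "226"):
            return found
        # 230/232: configuration record in the directory, named by the public key
        if (addr := self.config_record.get(self.key_name)) and (found := self._connect_and_authenticate(addr, "230")):
            return found
        # 234/236: IPC reports the server process is local, so its address is our own
        if self.key_name in self.net.local_processes and (found := self._connect_and_authenticate(self.own_address, "234")):
            return found
        return None  # every procedure failed; the address was not found


def scenario_rogue_responder() -> Client:
    """Constructed: empty cache, a host with the wrong key answers the broadcast, the
    designated server is down, and the directory record points at a live replica."""
    genuine = Replica("pwserver-key", ["192.0.2.20", "192.0.2.21"])
    rogue = Replica("someone-else", ["198.51.100.9"])
    net = SimNetwork(
        listening={"192.0.2.20": genuine, "192.0.2.21": genuine, "198.51.100.9": rogue},
        broadcast_responders=["198.51.100.9"],
    )
    return Client(net, "pwserver-key", "192.0.2.5", "192.0.2.99", {"pwserver-key": "192.0.2.21"})


if __name__ == "__main__":
    c = scenario_rogue_responder()
    print(c.find_server(), c.trace)   # 192.0.2.21 ['219', '216-rejected', '222', '226', '230']
    c.trace.clear()
    print(c.find_server(), c.trace)   # 192.0.2.20 ['210']  (served from the populated cache)
```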

The steps shown in FIG. 2 have been shown in a sequential order. However, it is possible to perform the steps in parallel in order to shorten the time to retrieve the address of the server 14. The searching and connection attempts on the network are done in parallel to minimize the wait time for a client in the instance that one of the password servers 14 is sluggish or unavailable in responding. In such a case, the start of each search and connection attempt can be staggered in order to allow searches and connection attempts that are more probable to succeed a chance to complete. For example, the search of the configuration record 214 may begin before the search of the local storage 210 has been completed in order to shorten the wait time if the search of the local storage 210 does not succeed. The time before the next step occurs depends on the type of operation being performed in order to allow the previous operation a chance of succeeding.
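The staggered parallel variant described above, as an added example that is not the patent's code. Each search procedure is a callable that returns an address or `None`; the procedures are listed in order of likelihood of success with a per-step start delay, so a quick hit in local storage ends the search before the broadcast or configuration lookups begin, while a slow or silent step does not hold up the others. The procedures, their latencies and the addresses are constructed stand-ins for steps 210, 219 and 230; a stop flag is handed to every procedure so that the losers abandon their work once one has succeeded.

```python
"""Staggered parallel search: start more probable procedures first, take the first success.
Added example; the sample procedures and latencies below are constructed."""
import threading
import time
from concurrent.futures import FIRST_COMPLETED, ThreadPoolExecutor, wait
from typing import Callable, List, Optional, Sequence, Tuple

Procedure = Callable[[threading.Event], Optional[str]]   # polls the stop flag while waiting
Step = Tuple[str, float, Procedure]                     # (name, start delay in seconds, procedure)


def staggered_search(steps: Sequence[Step], timeout: float = 5.0) -> Optional[Tuple[str, str]]:
    """Run every step concurrently, each after its own stagger delay.
    Returns (step name, address) of the first step to succeed, or None on failure/timeout."""
    stop = threading.Event()

    def run(delay: float, proc: Procedure) -> Optional[str]:
        if stop.wait(delay):            # stagger; give up if another step already won
            return None
        try:
            return proc(stop)
        except Exception:               # a failing procedure is treated as "not found"
            return None

    with ThreadPoolExecutor(max_workers=max(1, len(steps))) as pool:
        futures = {pool.submit(run, delay, proc): name for name, delay, proc in steps}
        pending = set(futures)
        deadline = time.monotonic() + timeout
        while pending:
            done, pending = wait(pending, timeout=max(0.0, deadline - time.monotonic()),
                                 return_when=FIRST_COMPLETED)
            if not done:
                break                   # overall timeout elapsed
            for fut in done:
                addr = fut.result()
                if addr is not None:
                    stop.set()          # tell the slower steps to stand down
                    return futures[fut], addr
        stop.set()
        return None


def make_demo_steps(cache_hit: bool) -> List[Step]:
    """Constructed stand-ins for steps 210, 219 and 230 with simulated latencies."""
    def local_storage(stop: threading.Event) -> Optional[str]:   # 210: instant cache lookup
        return "192.0.2.20" if cache_hit else None

    def broadcast(stop: threading.Event) -> Optional[str]:       # 219: answers take ~0.3 s
        return None if stop.wait(0.3) else "192.0.2.21"

    def config_record(stop: threading.Event) -> Optional[str]:   # 230: instant, least likely
        return "192.0.2.22"

    # Most likely first; the configuration lookup waits a full second before starting.
    return [("local-storage", 0.0, local_storage),
            ("broadcast", 0.1, broadcast),
            ("config-record", 1.0, config_record)]


if __name__ == "__main__":
    print(staggered_search(make_demo_steps(cache_hit=True)))    # ('local-storage', '192.0.2.20')
    print(staggered_search(make_demo_steps(cache_hit=False)))   # ('broadcast', '192.0.2.21')
```

With the cache populated the search returns immediately and the broadcast never goes on the wire; with an empty cache the broadcast answer arrives at about 0.4 s, well before the configuration lookup is due to start, so the least likely step is never run. Whatever the winning step, the caller must still authenticate the server at the returned address before trusting it, exactly as in the serial case.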

Additionally, it is possible to perform the identification procedure without performing all of the steps enumerated in FIG. 2. For example, in order to identify the password server 14, the method may be implemented by searching local storage in step 210 and if that does not succeed then only transmitting a broadcast message in step 219. In this regard, the method shown in FIG. 2 illustrates a primary or first identification procedure and if that fails then performing at least one backup procedure for identifying the server 14.

It will be appreciated by those of ordinary skill in the art that the concepts and techniques described here can be embodied in various specific forms without departing from the essential characteristics thereof. The presently disclosed embodiments are considered in all respects to be illustrative and not restrictive. The preceding description illustrated an example where an address of a password server was needed. However, it will be recognized that the addresses of other types of servers (i.e. web, file, etc.) can be found with the method of the present invention. Therefore, the embodiment illustrated is just one example and is not intended to be limiting of other embodiments. The scope of the invention is indicated by the appended claims, rather than the foregoing description, and all changes that come within the meaning and range of equivalents thereof are intended to be embraced.

CLAIMS

1. A method for a client computer to find a network address of a server computer, the method comprising searching for a network address of the server computer using a backup search procedure if the address of the server computer cannot be identified using a primary search procedure.

2. The method of claim 1 wherein the server computer is a password server computer having a public key and the primary or backup search procedures comprise using the public key to search for the address of the server computer.

3. The method of claim 1 wherein the primary procedure includes searching a local storage of the client computer system.

4. The method of claim 3 wherein the backup search procedure includes: searching a configuration record of the client computer system for the network address of the server computer.

5. The method of claim 4 wherein the server computer is a password server computer having a public key and the local storage of the client and the configuration record are searched using the public key.

6. The method of claim 3 wherein the backup search procedure comprises the step of performing a broadcast procedure over the network in order to determine the network address of the computer server.

7. The method of claim 3 wherein the backup search procedure comprises the step of using an authentication record to determine the network address of the server computer.

8. The method of claim 3 wherein the backup search procedure comprises the step of determining whether the server computer is running on the same CPU as the client computer in order to determine the network address of the server computer.

9. The method of claim 8 wherein the step of determining whether the server computer is running on the same CPU as the client computer comprises using a loop back address of the server computer.

10. The method of claim 8 wherein the step of determining whether the server computer is running on a CPU of the client computer comprises sending out an inter process communication to the CPU.

11. The method of claim 1 further comprising the step of establishing a connection with the server computer with the network address found.

12. The method of claim 11 further comprising the step of authenticating the server computer after the connection has been established.

13. The method of claim 11 wherein the server computer is a password server computer.

14. The method of claim 11 further comprising the step of populating a local storage of the client computer with a list of network addresses for server computers after the connection has been established.

15. The method of claim 14 wherein the server computer is a password server computer.

16. The method of claim 1 wherein the primary and backup search procedures are performed in parallel.

17. A system for locating a network address of a server computer, the system comprising a client computer configured to search for a network address of the server computer using a backup search procedure if the address of the server computer cannot be identified using a primary search procedure.

18. The system of claim 17 wherein the server computer is a password server computer having a public key and the client computer is configured to search for the address of the password server computer using the public key.

19. The system of claim 17 wherein the primary search procedure includes searching a local storage of the client computer.

20. The system of claim 19 wherein the backup search procedure includes searching a configuration record of the client computer for the network address.

21. The system of claim 20 wherein the server computer is a password server computer having a public key and the local storage and configuration record of the client computer are searched using the public key to find the network address.

22. The system of claim 19 wherein the client computer is configured to perform a broadcast procedure over the network in order to determine the network address of the server computer as the backup search procedure.

23. The system of claim 19 wherein the client computer is configured to search an authentication record of the server computer for the network address as the backup search procedure.

24. The system of claim 19 wherein the client computer is configured to determine whether the server computer is running on a same CPU as the client computer in order to determine the network address as the backup search procedure.

25. The system of claim 24 wherein the client computer is configured to determine whether the server computer is running on the same CPU as the client computer by using a loop back address as the address of the server computer.

26. The system of claim 24 wherein the client computer is configured to determine whether the server computer is running on the same CPU as the client computer by sending out an inter process communication to the CPU of the client computer.

27. The system of claim 17 wherein the client computer is configured to perform the primary and backup search procedures in parallel.

28. A computer-readable medium containing a program with instructions that execute the following procedure: searching for a network address of a server computer using a backup search procedure if the address of the server computer cannot be identified using a primary search procedure.

29. The computer-readable medium of claim 28 wherein the server computer is a password server computer having a public key and the primary or backup search procedures comprise using the public key to search for the address of the server computer.

30. The computer-readable medium of claim 28 wherein the primary search procedure includes searching a local storage of the client computer for the network address of the server computer.

31. The computer-readable medium of claim 30 wherein the backup search procedure includes searching a configuration record of the client computer for the network address of the server computer.

32. The computer-readable medium of claim 31 wherein the server computer is a password server computer having a public key and the local storage and the configuration record of the client computer are searched using the public key.

33. The computer-readable medium of claim 30 further comprising instructions for performing a broadcast procedure over the network as the backup search procedure in order to determine the network address of the computer server.

34. The computer-readable medium of claim 30 further comprising instructions for using an authentication record to determine the network address of the server computer as the backup search procedure.

35. The computer-readable medium of claim 30 further comprising instructions for determining whether the server computer is running on the same CPU as the client computer as the backup search procedure in order to determine the network address of the server computer.

36. The computer-readable medium of claim 35 wherein the instructions for determining whether the server computer is running on a CPU of the client computer comprise instructions for using a loop back address as the address of the server computer.

37. The computer-readable medium of claim 36 wherein the instructions for determining whether the server computer is running on a CPU of the client computer include instructions for sending out an inter process communication to the CPU.

38. The computer-readable medium of claim 28 further comprising instructions for establishing a connection with the server computer using the network address.

39. The computer-readable medium of claim 38 further comprising instructions for authenticating the server computer after the connection has been established.

40. The computer-readable medium of claim 38 wherein the server computer is a password server computer.

41. The computer-readable medium of claim 38 further comprising instructions for populating a local storage of the client computer with a list of network addresses for server computers after the connection has been established.

42. The computer-readable medium of claim 41 wherein the server computer is a password server computer.

43. The computer-readable medium of claim 28 wherein the primary and backup search procedures are performed in parallel.

44. A method of a client computer to locate a network address of a server computer on a computer network, the method comprising the following steps: searching for the address of the server computer in a local system storage of the client computer; and performing a backup search procedure if the address is not found in the local system storage.

45. The method of claim 44 wherein the backup search procedure is selected from the group of search procedures consisting of: broadcasting a message over the network to identify the address of the server computer; searching an authentication record for the address of the server computer; using a loop back address to connect to the server computer; using an inter process communication to determine whether the server computer is running on a same CPU as the client computer in order to determine the network address; and searching a configuration record of the client computer for the address of the server computer.

46. The method of claim 45 wherein the server computer is a password server computer having a public key and the public key is used to search for the network address.

47. The method of claim 45 wherein the backup search procedure is performed in parallel with searching the local system storage of the client.

48. A system for finding a network address, the system comprising: server means having a network address; and client means for searching for the network address of the server means by searching for the address of the server means in a local system storage of the client means, and using a backup search procedure to identify the address of the server means if the address is not found in the local system storage.

49. The system of claim 48 wherein the client means is configured to search for the network address as the backup search procedure by performing at least one of the following instructions: broadcast a message over the network to find the address of the server means; search an authentication record for the address of the server means; use a loop back address to connect to the server means; use an inter process communication to determine whether the server means is running on a same CPU as the client means in order to determine the network address; and search a configuration record of the client means for the address of the server means.

50. The system of claim 49 wherein the server means is a password server computer having a public key and the public key is used to search for the network address.

51. The system of claim 49 wherein the backup search procedure is performed in parallel with searching for an address of the server means in a local system storage.